I assume that regardless of what type of Trojan/Rootkit etc. may have snuck onto your machine - at some point it will want/need to open a port and reach out to someone ? So if you believed there was an outside possibility that you may be infected, how long would you expect to have to watch/log port activity (with netstat, Port Explorer etc.) before being reasonably sure that there is nothing that wants to call out ? P.S. I don't personally think I have such an issue at the moment - I just don't remember reading anything about the frequency/patterns with which such intruders try to get back out to the net ? Would you expect suspicious activity within for example, a week of watching logs, or is there no reliable standard ? Or is there a degree of built-in dormancy that means some malware will remain inactive for long periods of time (a month or more) before becoming active and trying to call out?